Car sharing system

ABSTRACT

A car sharing system includes a car share device and a communication control unit. The car share device is configured to perform wireless communication with a mobile terminal that is operable as an electronic key. The communication control unit controls the wireless communication between the mobile terminal and the car share device so that an authentication process through bidirectional communication is executed only when a communication connection establishment process is performed. After the wireless communication has been established, the communication control unit controls the wireless communication so that actuation of an on-board device is permitted in accordance with operation of the mobile terminal through unidirectional communication from the mobile terminal to the car share device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is based upon and claims the benefit of priority fromprior Japanese Patent Application No. 2017-196932, filed on Oct. 10,2017, the entire contents of which are incorporated herein by reference.

FIELD

This disclosure relates to a car sharing system that shares a vehiclewith a number of people.

BACKGROUND

Japanese Laid-Open Patent Publication Nos. 2016-115077 and 2016-71834describe a car sharing system that shares a vehicle with a number ofpeople. In such type of a car sharing system, for example, afterregistering for usage of the car share system, a reservation for a caris made with a mobile terminal (e.g., smartphone) to obtain permissionto use the vehicle during the reserved time.

SUMMARY

In the car sharing system, a car share device may be installed in avehicle. The car share device is configured to establish communicationwith a mobile terminal. The car share device allows the mobile terminalto be used in place of an electronic key (vehicle key). The car sharedevice communicates with the mobile terminal and uses a versatileelectronic key system to actuate an on-board device. In such a carsharing system, there is a need to improve the response for actuating anon-board device when operating the mobile terminal while maintainingsecurity.

One embodiment of a car sharing system includes a car share device and acommunication control unit. The car share device is installed in avehicle and configured to verify an electronic key ID used by anelectronic key system of the vehicle. The car share device is configuredto communicate with a mobile terminal that is operable as a vehicle keywhen code information is registered to the mobile terminal. The carshare device is further configured to authenticate the code informationthrough wireless communication with the mobile terminal and permitactuation of an on-board device by verifying the electronic key ID withthe electronic key system when the mobile terminal is operated toactuate the on-board device. The communication control unit controls thewireless communication between the mobile terminal and the car sharedevice so that an authentication process through bidirectionalcommunication between the mobile terminal and the car share device isexecuted only when a communication connection establishment process isexecuted to establish the wireless communication and so that after thewireless communication is established, actuation of the on-board deviceis permitted in accordance with operation of the mobile terminal throughunidirectional communication from the mobile terminal to the car sharedevice.

Other embodiments and advantages thereof will become apparent from thefollowing description, taken in conjunction with the accompanyingdrawings, illustrating by way of example the principles of theinvention. It is to be understood that both the foregoing generaldescription and the following detailed description are exemplary andexplanatory and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments, together with objects and advantages thereof, may bestbe understood by reference to the following description of the presentlypreferred embodiments together with the accompanying drawings in which:

FIG. 1 is a schematic block diagram illustrating one embodiment of a carsharing system;

FIG. 2 is a diagram illustrating an example communication sequence for anormal situation;

FIG. 3 is a diagram illustrating an example communication sequence for asituation simulating theft;

FIG. 4 is a diagram illustrating an example communication sequence foractuating an on-board device through only unidirectional communicationwithout performing authentication process through bidirectionalcommunication; and

FIG. 5 is a diagram illustrating an example communication sequence forperforming authentication process through bidirectional communicationwhenever requesting for actuation of an on-board device.

DESCRIPTION OF THE EMBODIMENTS

One embodiment of a car sharing system will now be described withreference to FIGS. 1 to 5.

As illustrated in FIG. 1, a vehicle 1 is provided with an electronic keysystem 4. In one embodiment, the electronic key system 4 includes anelectronic key 2 (vehicle key) and a verification electronic controlunit (ECU) 9 that verifies the ID of the electronic key 2 throughwireless communication with the electronic key 2. The verification ECU 9executes or permits actuation of an on-board device 3 upon IDverification accomplishment of the electronic key 2. The electronic keysystem 4, which is a key-operation-free system, performs electronic keyID verification (also referred to as smart verification) through shortrange wireless communication initiated by the vehicle 1 (verificationECU 9). In the key-operation-free system, electronic key ID verificationis automatically performed without directly operating the electronic key2. The on-board device 3 may include, but not limited to, for example, adoor lock device 5 and an engine 6.

The vehicle 1 includes the verification ECU 9, a body ECU 10 thatmanages the power supply for on-board electrical devices, and an engineECU 11 that controls the engine 6. The body ECU 10 and the engine ECU 11are each referred to as an on-board device ECU. The ECUs 9 to 11 areelectrically connected to one another by a communication line 12 in thevehicle 1. The communication line 12 is, for example, a Controller AreaNetwork (CAN), a Local Interconnect Network (LAN), or a combination ofthese networks. The verification ECU 9 and the electronic key 2 eachinclude a memory (not illustrated) that stores an electronic key ID andan electronic key unique encryption code. The electronic key ID and theelectronic key unique encryption code are information unique to theelectronic key 2 that is registered to the vehicle 1 and used forelectronic key ID verification. The body ECU 10 controls the door lockdevice 5 that locks and unlocks the vehicle door 13.

The electronic key system 4 further includes a radio wave transmitter 16and a radio wave receiver 17 that are arranged in the vehicle 1. Forexample, the radio wave transmitter 16 may include an exteriortransmitter (not illustrated) that transmits radio waves to the outsideof the vehicle 1 and an interior transmitter (not illustrated) thattransmits radio waves to the inside of the vehicle 1. The radio wavetransmitter 16 transmits radio waves on the low frequency (LF) band. Theradio wave receiver 17 receives radio waves on the ultrahigh frequency(UHF) band. Accordingly, in the electronic key system 4, theverification ECU 9 communicates with the electronic key 2 through LF-UHFbidirectional communication.

As the electronic key 2 enters a communication area formed by a wakesignal on LF radio waves transmitted from the radio wave transmitter 16,the electronic key 2 receives the wake signal and shifts from a standbystate to an activated state. Upon activation of the electronic key 2,the verification ECU 9 performs ID verification (smart verification) onthe electronic key 2. In a non-restrictive example, the smartverification performed between the electronic key 2 and the verificationECU 9 includes electronic key ID verification that authenticates theelectronic key 2 and challenge-response authentication that uses theelectronic key unique encryption code. The electronic key IDverification performed under a situation in which the electronic key 2is located outside the vehicle 1 is referred to as exterior smartverification. When exterior smart verification is accomplished, theverification ECU 9 permits or performs locking or unlocking of thevehicle door 13 with the body ECU 10.

The electronic key ID verification performed under a situation in whichthe electronic key 2 is located inside the vehicle 1 is referred to asinterior smart verification. When interior smart verification isaccomplished, the verification ECU 9 permits the shifting of devicessupplied with power when an engine switch 18 is operated. For example,when the engine switch 18 is operated in a state in which the brakepedal is depressed, the verification ECU 9 starts the engine 6 with theengine ECU 11.

The vehicle 1 is provided with a car sharing system 21 that allows thevehicle 1 to be shared by a number of people. In the present example,the car sharing system 21 includes a car share device 23 installed inthe vehicle 1. The car share device 23 is configured to verify theelectronic key ID used by the electronic key system 4 of the vehicle 1.Further, the car share device 23 is configured to establish wirelesscommunication with a mobile terminal 22. Encrypted code information Dkobtained from, for example, an external device such as a server (notillustrated) is registered to the mobile terminal 22. The car sharedevice 23 obtains the code information Dk from the mobile terminal 22and authenticates the code information Dk. In the present example, thecar share device 23 includes an encryption code (car share device uniqueencryption code) used to decode the code information Dk. The codeinformation Dk is authenticated when decoded. When the code informationDk is authenticated, the car share device 23 performs an authenticationprocess through bidirectional wireless communication with the mobileterminal 22. When the authentication process is accomplished throughbidirectional wireless communication, the car share device 23 acceptsrequests for actuating the on-board device 3 from the mobile terminal22. The mobile terminal 22 may be, for example, a smartphone.Preferably, the code information Dk is, for example, a one-time key(one-time password) that can be used only once.

The car share device 23 is independent from the hardware configurationof the electronic key system 4 and may be retrofitted to the vehicle 1.The car share device 23, for example, functions as an electronic key(vehicle key) that is valid only during the reserved time of the vehicle1 and is similar to a spare key. In the present example, the car sharedevice 23 cooperates with the mobile terminal 22 so that the mobileterminal 22 functions as a vehicle key in place of the electronic key 2.The car share device 23 has an electronic key function that is switchedbetween a valid state and an invalid state. A state in which theelectronic key function of the car share device 23 is valid isequivalent to a state in which an electronic key exists in the vehicle1. A state in which the electronic key function is invalid is equivalentto a state in which an electronic key does not exist in the vehicle 1.The car share device 23 is supplied with power from a battery +B of thevehicle 1.

In a non-restrictive example, the mobile terminal 22 includes a terminalcontrol unit 26, a network communication module 27, a near-fieldwireless communication module 28, and a memory 29. The terminal controlunit 26 controls the operation of the mobile terminal 22. The networkcommunication module 27 is used to perform network communication betweenthe mobile terminal 22 and an external device such as a server (notillustrated). The near-field wireless communication module 28 is used toperform near-field wireless communication between the mobile terminal 22and the car share device 23. The memory 29 is a data rewritable memory.The mobile terminal 22 obtains the code information Dk from the servervia the network communication module 27 and writes the code informationDk to the memory 29. The near-field wireless communication is performedin compliance with, for example, Bluetooth (registered trademark),preferably, Bluetooth® Low Energy (BLE).

A user interface (UI) application 30 is installed in the mobile terminal22 to manage operation of the car sharing system 21. The UI application30 is, for example, downloaded from a server and installed in theterminal control unit 26. In the present example, a user authenticationcode is registered to the memory 29 of the mobile terminal 22. The userauthentication code is used when the mobile terminal 22 communicateswith the car share device 23 of the vehicle 1 to actuate the on-boarddevice 3 in accordance with the operation of the mobile terminal 22. Theuser authentication code may be included in, for example, the codeinformation Dk. The user authentication code may be, for example, arandom number of which value changes whenever generated. The userauthentication code may be registered in advance to the car sharingsystem 21 or generated when the vehicle 1 is used.

In a non-restrictive example, the car share device 23 includes acontroller 33, a smart communication block 34, a near-field wirelessmodule 35, a memory 36, and a timer 37. The controller 33 controlsoperation of the car share device 23. The smart communication block 34is used to establish smart communication (short range wirelesscommunication) between the car share device 23 and the electronic keysystem 4 (verification ECU 9). The near-field wireless module 35 is usedto establish near-field wireless communication between the mobileterminal 22 and the car share device 23.

The memory 36 is a data rewritable memory. The memory 36 stores a carshare device ID, a car share device unique encryption code, theelectronic key ID, and the electronic key unique encryption code. Thecar share device ID and the car share device unique encryption code areinformation unique to the car share device 23. The car share deviceunique encryption code is used to decode the code information Dk usedfor encrypted communication between the mobile terminal 22 and the carshare device 23. The car share device unique encryption code may bestored in the server (not illustrated). The mobile terminal 22 mayobtain the code information Dk, which is encrypted by the car sharedevice unique encryption code, from the server. The car share device IDis, for example, associated with a vehicle ID (vehicle body number).This associates the car share device 23 with the vehicle 1. As describedabove, the electronic key ID and the electronic key unique encryptioncode are information unique to the electronic key 2 and used forelectronic key ID verification (in the present example, smartverification) performed with the electronic key system 4. The timer 37manages the date and time in the car share device 23. The timer 37 isimplemented by, for example, a soft timer.

The car share device 23 includes a key function unit 38 that performselectronic key ID verification (in the present example, smartverification) through smart communication established by the smartcommunication block 34 between the electronic key system 4 (verificationECU 9) and the car share device 23. The key function unit 38 is arrangedin the controller 33. For example, the car share device 23 includes oneor more processors and a memory storing one or more instructions. Theone or more processors execute instructions so that the controller 33functions as the key function unit 38. The key function unit 38 obtainsthe code information Dk from the mobile terminal 22 and authenticatesthe code information Dk. When authentication of the code information Dkis accomplished in a normal manner, the key function unit 38 is allowedto perform electronic key ID verification through smart communicationwith the verification ECU 9. For example, when the mobile terminal 22 isoperated to actuate the on-board device 3, the key function unit 38performs electronic key ID verification (in the present example, smartverification) between the car share device 23 and the verification ECU 9through a process similar to the electronic key ID verificationperformed between the electronic key 2 and the verification ECU 9. Whenelectronic key ID verification is accomplished, actuation of theon-board device 3 is performed or permitted in accordance with operationof the mobile terminal 22.

The car sharing system 21 further includes a communication control unit41 that controls wireless communication between the mobile terminal 22and the car share device 23. For example, the communication control unit41 is arranged in the terminal control unit 26 of the mobile terminal22. The communication control unit 41 controls wireless communication sothat the authentication process through bidirectional communicationbetween the mobile terminal 22 and the car share device 23 is executedonly when a communication connection establishment process is performedto establish wireless communication between the mobile terminal 22 andthe car share device 23. In the present example, a challenge-responseauthentication is performed between the mobile terminal 22 and the carshare device 23 as the authentication process through bidirectionalcommunication. Further, the communication control unit 41 controlswireless communication so that after wireless communication isestablished, actuation of the on-board device 3 is permitted inaccordance with operation of the mobile terminal 22 throughunidirectional communication from the mobile terminal 22 to the carshare device 23.

The operation of the car sharing system 21 will now be described withreference to FIGS. 2 to 5.

To actuate the on-board device 3 of the vehicle 1 by operating themobile terminal 22, the car share device 23 first authenticates the codeinformation Dk by establishing wireless communication with the mobileterminal 22. In the present example, near-field wireless communication(Bluetooth) is performed as the wireless communication. However, othertypes of wireless communication may be performed instead. The codeinformation Dk of the mobile terminal 22 is transmitted throughnear-field wireless communication to the car share device 23. When thecar share device 23 receives the code information Dk, the car sharedevice 23 decodes the code information Dk with a certain encryption code(in the present example, car share device unique encryption code). Ifthe code information Dk cannot be correctly decoded, the mobile terminal22 cannot be used as the electronic key.

If the code information Dk is correctly decoded, authentication of thecode information Dk is accomplished, and the car share device 23 writesthe user authentication code included in the code information Dk to thememory 36 of the car share device 23. In this state, an authenticationprocess through bidirectional communication between the mobile terminal22 and the car share device 23 can be performed. In the present example,challenge-response authentication using the user authentication code isexecuted as the authentication process through bidirectionalcommunication.

Operation in Normal Situation

An operation performed in a normal situation will now be described withreference to FIG. 2. A normal situation operation refers to an operationthat an authorized user performs to actuate the on-board device 3 of thevehicle 1 (share vehicle) with the mobile terminal 22.

In step S101, the user operates and activates a near-field wirelesscommunication connection button with the mobile terminal 22. Thenear-field wireless communication connection button is, for example, aBLE connection button shown in the display of the mobile terminal 22.

In step S102, when the UI application 30 of the mobile terminal 22detects that the BLE connection button has been operated, thecommunication control unit 41 executes a communication connectionestablishment process to establish wireless communication (BLE) betweenthe mobile terminal 22 and the car share device 23. For example, thecommunication control unit 41 sets a communication mode to acommunication connection initiation mode to initiate the communicationconnection establishment process. When the communication connectionestablishment process is initiated, an authentication process (in thepresent example, challenge-response authentication) is executed throughbidirectional communication between the mobile terminal 22 and the carshare device 23.

In a non-restrictive example, the challenge-response authentication isperformed in the following manner. The car share device 23 firsttransmits a challenge code to the mobile terminal 22. The challenge codeis a random number of which the value changes whenever thechallenge-response authentication is executed. The mobile terminal 22uses the user authentication code stored in the memory 29 to calculate aresponse code from the received challenge code. The mobile terminal 22transmits the calculated response code to the car share device 23.

The user authentication code has already been obtained by the car sharedevice 23 through the authentication of the code information Dk. The carshare device 23 uses the user authentication code stored in the memory36 to calculate the response code from the challenge code transmitted tothe mobile terminal 22. The car share device 23 compares the calculatedresponse code with the response code transmitted from the mobileterminal 22. The car share device 23 determines that thechallenge-response authentication has been accomplished when the tworesponse codes match.

In step S103, when the challenge-response authentication isaccomplished, the UI application 30 of the mobile terminal 22 transmitsa near-field wireless communication connection request to the car sharedevice 23. In response to the near-field wireless communicationconnection request, the car share device 23 establishes near-fieldwireless communication (in the present example, BLE) with the mobileterminal 22. When BLE is established, BLE connection between the mobileterminal 22 and the car share device 23 is maintained.

In step S104, the car share device 23 transmits a request acceptanceresponse to the mobile terminal 22 notifying the establishment ofnear-field wireless communication (BLE). Upon receipt of the requestacceptance response, the mobile terminal 22 notifies the user thatnear-field wireless communication connection has been established by,for example, indicating such a state on its display. After near-fieldwireless communication (BLE) is established between the mobile terminal22 and the car share device 23, the communication control unit 41 setsthe BLE communication to unidirectional communication from the mobileterminal 22 to the car share device 23. For example, the communicationcontrol unit 41 sets the communication mode to a unidirectionalcommunication mode that permits actuation of the on-board device 3according to operation of the mobile terminal 22 through unidirectionalcommunication from the mobile terminal 22 to the car share device 23.

When the car share device 23 transmits the request acceptance responseto the mobile terminal 22 (S104), the car share device 23 switches thekey function unit 38 from an invalid state to a valid state. This allowsthe key function unit 38 to verify the electronic key ID used by theelectronic key system 4. When the key function unit 38 is valid, themobile terminal 22 and the car share device 23 have both beenauthenticated. Thus, the mobile terminal 22 can be used in place of theelectronic key 2 as the electronic key (vehicle key) of the vehicle 1.

In step S105, the user operates and activates an operation requestbutton of the mobile terminal 22. The operation request button is usedto actuate the on-board device 3 and may be, for example, an unlockrequest button for unlocking the vehicle door 13, a lock request buttonfor locking the vehicle door 13, an engine start button for starting theengine 6, or the like.

In step S106, the UI application 30 of the mobile terminal 22 transmitsan operation request signal, which corresponds to the operation requestbutton, to the car share device 23. In a non-restrictive example, theoperation request signal may include the electronic key ID, theelectronic key unique encryption code, and a device actuation commandcorresponding to the operation request button.

In step S107, when the car share device 23 receives the operationrequest signal, the car share device 23 transmits a request acceptanceresponse to the mobile terminal 22. Further, the car share device 23communicates with the electronic key system 4 to actuate the on-boarddevice 3 in accordance with the received operation request signal. In anon-restrictive example, the car share device 23 establishes smartcommunication between the electronic key system 4 and the verificationECU 9 with the smart communication block 34 and sends a device actuationcommand and the electronic key ID to the verification ECU 9. Theverification ECU 9 performs electronic key ID verification. Whenaccomplishing electronic key ID verification, the verification ECU 9sends the device actuation command to the on-board device ECU of thecorresponding on-board device 3 and actuates the on-board device 3.

For example, if the device actuation command is an unlock requestcommand for the vehicle door 13, the body ECU 10 actuates the door lockdevice 5 to unlock the vehicle door 13. If the device actuation commandis a lock request command for the vehicle door 13, the body ECU 10actuates the door lock device 5 to lock the vehicle door 13. If thedevice actuation command is a starting request command for the engine 6,the engine ECU 11 permits starting of the engine 6. For example, if theengine switch 18 is operated when the brake pedal is depressed, theengine ECU 11 starts the engine 6. In addition to electronic key IDverification, challenge-response authentication using the electronic keyunique encryption code may be performed between the verification ECU 9and the car share device 23 if necessary. In this manner, smartverification may be performed between the car share device 23 and theverification ECU 9 in the same manner as the smart verificationperformed between the electronic key 2 and the verification ECU 9.

Operation Simulating Theft

An operation performed in a situation simulating theft will now bedescribed with reference to FIG. 3. The operation simulating theftrefers to, for example, the operation simulating a case in which a thirdparty (thief) monitors the connection establishment process ofnear-field wireless communication connection with a monitoring deviceand, subsequent to establishment of wireless communication, blocks andmonitors unidirectional communication (operation request signaltransmitted from mobile terminal 22 to car share device 23). Steps S201to S206 of FIG. 3 respectively correspond to steps S101 to S106 of FIG.2 and thus will not be described below.

In step S207, a third party (thief) blocks and monitors near-fieldwireless communication (i.e., operation request signal) to obtain theoperation request signal in an unauthorized manner. In this case, theoperation request signal does not reach the car share device 23 and thusdoes not actuate the car share device 23. The thief that has obtainedthe operation request signal temporarily goes away from the vehicle 1.

In step S208, the mobile terminal 22 does not receive a requestacceptance response to the operation request signal (S206). In thiscase, the on-board device 3 of the vehicle 1 is not actuated even thoughthe user has operated the operation request button of the mobileterminal 22. Thus, the user operates the mobile terminal 22 again, andthe mobile terminal 22 sends an operation request signal to the carshare device 23. Since the thief has left the vehicle 1, the on-boarddevice 3 of the vehicle 1 is actuated in accordance with the operationrequest signal as described in step S106. Then, after the vehicle 1 isused, the vehicle 1 is shifted to a parked state (door locked and enginestopped).

In step S209, the third party (thief) attempts to use the parked vehicle1 in an unauthorized manner. In this case, the challenge-responseauthentication needs to be accomplished through communication with thecar share device 23. However, the thief does not know the specificationsfor calculating the challenge-response authentication. Thus, near-fieldwireless communication is not established. This prevents unauthorizeduse of the vehicle 1 by the thief.

FIG. 4 illustrates an example of a communication sequence for a case inwhich the on-board device 3 would be actuated through onlyunidirectional communication between the mobile terminal 22 and the carshare device 23 without performing the authentication process throughbidirectional communication. As illustrated in FIG. 4, a third party(thief) blocks and monitors unidirectional communication (operationrequest signal) from the mobile terminal 22 to the car share device 23.Then, after the thief interrupts near-field wireless communication once(establishment failure), the thief transmits a near-field wirelesscommunication connection request to the car share device 23 and attemptsto establish communication. In this case, the authentication processperformed through bidirectional communication does not require thecommunication connection establishment process. Thus, the car sharedevice 23 transmits a request acceptance response when receiving theconnection request. This establishes near-field wireless communicationbetween the mobile terminal of the thief and the car share device 23 andallows the thief to use the vehicle 1 without authorization by sendingthe monitored operation request signal to the car share device 23.

FIG. 5 illustrates an example of an improvement to the communicationsequence of FIG. 4. In the communication sequence of FIG. 5, wheneverthe mobile terminal 22 transmits an operation request signal to the carshare device 23, an authentication process through bidirectionalcommunication (e.g., challenge-response authentication) would have to beexecuted. In such a communication sequence, the mobile terminal 22executes the challenge-response authentication whenever actuating theon-board device 3. This prolongs the communication time. Thus, thecommunication response is poor. In contrast, in the communicationsequence of the present example illustrated in FIG. 2, thecharge-response authentication is executed only when the communicationconnection establishment process is performed for the first time. Afterwireless communication is established, actuation of the on-board device3 is permitted through unidirectional communication from the mobileterminal 22 to the car share device 23. This improves the communicationresponse while maintaining security against unauthorized use of thevehicle 1.

The car sharing system 21 of the present embodiment has the advantagesdescribed below.

An authentication process through bidirectional communication isexecuted only when the communication connection establishment processfor near-field wireless communication is performed. Once wirelesscommunication is established, actuation of the on-board device 3 ispermitted through unidirectional communication from the mobile terminal22 to the car share device 23. Thus, the entire communication time isshortened because an authentication process through bidirectionalcommunication is not executed once wireless communication is establishedand also because actuation of the on-board device 3 is permitted throughunidirectional communication. This improves the response when actuatingthe on-board device 3 by operating the mobile terminal 22 whilemaintaining security against unauthorized use of the vehicle 1.

The authentication process through bidirectional communication is achallenge-response authentication. Thus, the security of communicationbetween the mobile terminal 22 and the car share device 23 is obtainedthrough the challenge-response authentication.

After communication is established, the mobile terminal 22 only needs totransmit an operation request signal to the car share device 23 toactuate the on-board device 3 in accordance with the operation requestsignal. In this manner, the mobile terminal 22 actuates the on-boarddevice 3 through unidirectional communication. This improves theoperation response.

It should be apparent to those skilled in the art that the foregoingembodiments may be implemented in many other specific forms withoutdeparting from the scope of this disclosure. Particularly, it should beunderstood that the foregoing embodiments may be implemented in thefollowing forms.

The authentication process performed through bidirectional communicationis not limited to challenge-response authentication and may be adifferent authentication.

Any encryption code may be used for the authentication process performedthrough bidirectional communication (challenge-response authentication)and the encryption process performed through unidirectionalcommunication.

The communication control unit 41 does not have to be arranged in themobile terminal 22 (terminal control unit 26) and may be arranged inanother device such as the car share device 23.

The code information Dk does not have to be encrypted with the car sharedevice unique encryption code and may be encrypted with anotherencryption code.

The content of the code information Dk may be changed to one other thanthat of the above embodiment.

The code information Dk does not have to be generated by the server andmay be generated by any other external device.

The condition for switching the key function unit 38 from an invalidstate to a valid state is not limited to the condition described aboveand may be any condition.

The engine 6 may be started by, for example, operating an “engine start”button shown on the display of the mobile terminal 22.

In the smart verification of the key-operation-free system (electronickey system 4), the exterior transmitter and the interior transmitter donot have to be used to determine whether the electronic key 2 is locatedinside the vehicle 1 or outside the vehicle 1. For example, left andright antennas (LF antennas) may be arranged on the vehicle body, andthe combination of the response of the electronic key 2 to the radiowaves transmitted from each antenna may be checked to determine whetherthe electronic key 2 is located inside the vehicle 1 or outside thevehicle 1.

The smart verification of the electronic key system 4 does not have toperform both electronic key ID verification and challenge-responseauthentication. As long as electronic key ID verification is performed,any verification process may be performed. Further, any authenticationmay be performed in lieu of the challenge-response authentication.

In the electronic key system 4, instead of using the verification ECU 9,the electronic key 2 may initiate wireless communication and executeelectronic key ID verification.

The electronic key 2 is not limited to a Smart Key (registeredtrademark) and may be any other wireless key.

The near-field wireless communication is not limited to Bluetoothcommunication and may be of any type of communication protocol.

The code information Dk is not limited to a one-time key and may be anyinformation of which use is restricted.

The encryption code used for encrypted communication may be, forexample, any one of the car share device unique encryption code, theuser authentication code, and the electronic key unique encryption code.For example, the encryption code used during a process may be switchedto improve communication security.

Communication between the verification ECU 9 (electronic key system 4)and the car share device 23 is not limited to wireless communication andmay be wired communication.

There is no limit to where the car share device 23 is installed.

The mobile terminal 22 is not limited to a smartphone and may be anyother mobile terminal.

All examples and conditional language recited herein are intended forpedagogical purposes to aid the reader in understanding the principlesof the invention and the concepts contributed by the inventors tofurthering the art, and are to be construed as being without limitationto such specifically recited examples and conditions, nor does theorganization of such examples in the specification relate to anillustration of the superiority and inferiority of the invention.Although embodiments have been described in detail, it should beunderstood that various changes, substitutions, and alterations could bemade hereto without departing from the scope of this disclosure.

1. A car sharing system comprising: a car share device installed in avehicle and configured to verify an electronic key ID used by anelectronic key system of the vehicle, wherein the car share device isconfigured to communicate with a mobile terminal that is operable as avehicle key when code information is registered to the mobile terminal,and the car share device is further configured to authenticate the codeinformation through wireless communication with the mobile terminal andpermit actuation of an on-board device by verifying the electronic keyID with the electronic key system when the mobile terminal is operatedto actuate the on-board device; and a communication control unit thatcontrols the wireless communication between the mobile terminal and thecar share device so that an authentication process through bidirectionalcommunication between the mobile terminal and the car share device isexecuted only when a communication connection establishment process isexecuted to establish the wireless communication and so that after thewireless communication is established, actuation of the on-board deviceis permitted in accordance with operation of the mobile terminal throughunidirectional communication from the mobile terminal to the car sharedevice.
 2. The car sharing system according to claim 1, wherein: theauthentication process through the bidirectional communication is achallenge-response authentication; in the challenge-responseauthentication, each of the mobile terminal and the car share devicegenerates a code from a random number of which value changes wheneverthe challenge-response authentication is executed; and the challengeresponse authentication is accomplished when the code generated by themobile terminal matches the code generated by the car share device. 3.The car sharing system according to claim 1, wherein: the mobileterminal transmits an operation request signal corresponding tooperation of the mobile terminal to the car share device through theunidirectional communication after the wireless communication isestablished; and the car share device actuates the on-board device inaccordance with a device actuation command included in the operationrequest signal.
 4. The car sharing system according to claim 1, wherein:the car share device obtains the code information from the mobileterminal when using the vehicle for a first time and verifies the codeinformation with a certain encryption code; and the communicationcontrol unit initiates the communication connection establishmentprocess if the mobile terminal is operated when the code information hasbeen verified.
 5. The car sharing system according to claim 1, whereinthe authentication process through the bidirectional communication isexecuted using an encryption code included in the code information.